[c-nsp] tcpdump on ios?

Aamer Akhter (aakhter) aakhter at cisco.com
Sat Jan 12 15:30:56 EST 2008


Hi Folks,

It really depends on what the intent is. If the intent is to track flows transiting the router, then these debug commands are (IMHO) not the best way. Eg, a problem with debug cef is going to be not all packets are CEF switched (eg PBR, MPLS). These are really meant to troubleshoot the specific switching/forwarding system(s)

I think the original poster was looking for only tracking of flows, not interested in payload gathering etc (so the tcpdump in the subject line might be conveying more than actually required). For that purpose, NetFlow should suffice.

For specifically creating pcap files on the router, IP router traffic export (RTE) has been mentioned. RTE can create pcap files on a remote tftp or locally (disk,usb etc). The limitation there is that it is only available on certain platforms and there it only captures TCP traffic. I'm trying to help prioritize the case for supporting non-TCP traffic so if there is solid interest please drop me an email.

SPAN and lawful intercept (LI) are also options providing you're on the right platform and an image that has LI.

Regards,

-- 
Aamer Akhter / aa at cisco.com
Ent & Commercial Systems, cisco Systems

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Saku Ytti
> Sent: Saturday, January 12, 2008 1:30 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] tcpdump on ios?
> 
> On (2008-01-12 10:42 -0500), Luan Nguyen wrote:
> 
> > But on a simple router, to track down a problem for a few seconds...
> > no logging console
> > logging buffer xxxx debugging
> > no ip route-cache on interfaces
> > access-list to match or set interface condition
> > debug ip packet detail <access-list> (dump).
> >
> > would do fine?
> 
> Since new CEF code in 12.2S, in software platforms using CEF
> for switching you can debug CEF switched packets virtually
> for free (as well as mirror, which was already mentioned
> in the thread earlier). Debugging is not surprisingly 'debug ip cef
> packet
> ..'.
> 
> Thanks,
> --
>   ++ytti
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list